[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1048
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ece3860a by Salvatore Bonaccorso at 2018-01-25T08:07:21+01:00 Add CVE-2018-1048 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -13095,8 +13095,11 @@ CVE-2018-1049 [automount: access to automounted volumes can lock up] NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649 NOTE: https://github.com/systemd/systemd/pull/5916 NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318 -CVE-2018-1048 +CVE-2018-1048 [ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser] RESERVED + - undertow + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343 + TODO: check CVE-2018-1047 [Path traversal in ServletResourceManager class] RESERVED - undertow View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ece3860adc5f59e12c824ae379346ed261962765 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ece3860adc5f59e12c824ae379346ed261962765 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
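Review bot: the added "TODO: check" on the CVE-2018-1048 entry does not say what is still open, even though the entry already commits to "- undertow". Suggest spelling out the outstanding question, for example whether the undertow version in Debian contains the AjpRequestParser handling of ALLOW_ENCODED_SLASH described in the entry title, so the next person triaging knows when the TODO can be dropped.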
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1047
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d93f3f7 by Salvatore Bonaccorso at 2018-01-25T08:06:30+01:00 Add CVE-2018-1047 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -13097,8 +13097,12 @@ CVE-2018-1049 [automount: access to automounted volumes can lock up] NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318 CVE-2018-1048 RESERVED -CVE-2018-1047 +CVE-2018-1047 [Path traversal in ServletResourceManager class] RESERVED + - undertow + NOTE: https://issues.jboss.org/browse/WFLY-9620 + NOTE: https://developer.jboss.org/thread/276826 + TODO: check, issue in undertow or WildFly? CVE-2018-1046 RESERVED CVE-2018-1045 (In Moodle 3.x, there is XSS via a calendar event name. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d93f3f797e1101da2e178aad5a4f1c18c720551 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d93f3f797e1101da2e178aad5a4f1c18c720551 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
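Review bot: the CVE-2018-1047 entry assigns the issue to "- undertow" while its own TODO asks "issue in undertow or WildFly?", and both NOTE links point at JBoss/WildFly resources (WFLY-9620 and a developer.jboss.org thread). Until that question is settled the package line is provisional; consider adding a NOTE that says so, so the entry is not read as confirmed for undertow.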
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6198/w3m
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06f4021f by Salvatore Bonaccorso at 2018-01-25T06:40:34+01:00 Add CVE-2018-6198/w3m - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2018-6198 [insecure temporary files creation when ~/.w3m is unwritable] + - w3m (bug #888097; unimportant) + NOTE: https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 + NOTE: Neutralised by kernel hardening CVE-2018-6197 [segv in columnPos] - w3m [stretch] - w3m (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/06f4021fdfed7a0393abb492fcf46e229d04264c --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/06f4021fdfed7a0393abb492fcf46e229d04264c You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
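Review bot: "NOTE: Neutralised by kernel hardening" on the new CVE-2018-6198 entry does not name the hardening that the "unimportant" rating depends on. Suggest naming the specific kernel setting in the NOTE, so that someone running a kernel without it can tell that the insecure temporary file creation still applies to them.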
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6197/w3m
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f72ae8a3 by Salvatore Bonaccorso at 2018-01-25T06:31:55+01:00 Add CVE-2018-6197/w3m - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,9 @@ +CVE-2018-6197 [segv in columnPos] + - w3m + [stretch] - w3m (Minor issue) + [jessie] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/89 + NOTE: https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8 CVE-2018-6196 [infinite recursion in HTMLlineproc0] - w3m [stretch] - w3m (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f72ae8a3195285078a304e163f5b611263502d4c --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f72ae8a3195285078a304e163f5b611263502d4c You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
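Review bot: the "- w3m" line for CVE-2018-6197 carries no Debian bug reference; the entry only records the upstream issue (tats/w3m issues/89) and the fix commit. With [stretch] and [jessie] both tagged "Minor issue", a bug number on the "- w3m" line would make the pending fix trackable on the Debian side.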
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6196/w3m, mark as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c5eef5e by Salvatore Bonaccorso at 2018-01-25T06:30:45+01:00 Add CVE-2018-6196/w3m, mark as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,9 @@ +CVE-2018-6196 [infinite recursion in HTMLlineproc0] + - w3m + [stretch] - w3m (Minor issue) + [jessie] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/88 + NOTE: https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92 CVE-2018-6189 RESERVED CVE-2018-6188 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c5eef5eb67e33231e313697cf45093bcd5a628b --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c5eef5eb67e33231e313697cf45093bcd5a628b You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
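Review bot: "Minor issue" on the [stretch] and [jessie] lines for CVE-2018-6196 gives no reason why infinite recursion in HTMLlineproc0 is judged minor. A few words on the impact in the parenthesised reason, or in a NOTE, would let later readers evaluate the no-dsa decision named in the commit subject.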
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-5683: Mark stretch as postponed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c105dc5 by Salvatore Bonaccorso at 2018-01-25T06:18:38+01:00 CVE-2018-5683: Mark stretch as postponed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1272,8 +1272,8 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ... TODO: check CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...) - qemu (bug #887392) + [stretch] - qemu (Minor issue, can be fixed along in future DSA) [jessie] - qemu (Minor issue, can be fixed along in future DSA) - [wheezy] - qemu (Minor issue, can be fixed along in future DSA) [wheezy] - qemu (Minor issue, can be fixed along in next DLA) - qemu-kvm [wheezy] - qemu-kvm (Minor issue, can be fixed along in next DLA) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c105dc59655bd389a554a20304908c79111df21 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c105dc59655bd389a554a20304908c79111df21 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
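Review bot: the commit subject mentions only stretch, but the hunk also deletes "[wheezy] - qemu (Minor issue, can be fixed along in future DSA)" from CVE-2018-5683. The deletion looks right, since a "[wheezy] - qemu (... next DLA)" line remains and the entry would otherwise list wheezy twice, but it should be mentioned in the commit message so the cleanup is not mistaken for an accidental removal.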
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new webkit issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ab6c38c0 by Moritz Muehlenhoff at 2018-01-25T03:12:03+01:00 new webkit issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -4796,6 +4796,9 @@ CVE-2018-4097 RESERVED CVE-2018-4096 RESERVED + - webkit2gtk 2.18.6-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support CVE-2018-4095 RESERVED CVE-2018-4094 @@ -4810,8 +4813,14 @@ CVE-2018-4090 RESERVED CVE-2018-4089 RESERVED + - webkit2gtk 2.18.6-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support CVE-2018-4088 RESERVED + - webkit2gtk 2.18.6-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support CVE-2018-4087 RESERVED CVE-2018-4086 @@ -25460,8 +25469,14 @@ CVE-2017-13886 RESERVED CVE-2017-13885 RESERVED + - webkit2gtk 2.18.6-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support CVE-2017-13884 RESERVED + - webkit2gtk 2.18.6-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support CVE-2017-13883 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2017-13882 @@ -46280,6 +46295,9 @@ CVE-2017-7166 RESERVED CVE-2017-7165 RESERVED + - webkit2gtk 2.18.6-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support CVE-2017-7164 RESERVED CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before ...) 
@@ -46287,9 +46305,13 @@ CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before . CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) NOT-FOR-US: Apple CVE-2017-7161 - RESERVED + - webkit2gtk 2.18.6-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) - NOT-FOR-US: Apple + - webkit2gtk 2.18.6-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before ...) NOT-FOR-US: Apple CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab6c38c0fcb015644b3720f8efd8539d0f263719 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ab6c38c0fcb015644b3720f8efd8539d0f263719 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
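Review bot: in the hunk at -46287, the "RESERVED" line under CVE-2017-7161 is deleted when the webkit2gtk lines are added, whereas every other reserved entry touched by this patch (CVE-2018-4096, CVE-2018-4089, CVE-2018-4088, CVE-2017-13885, CVE-2017-13884, CVE-2017-7165) keeps its "RESERVED" line and gets the package lines appended after it. Please confirm the removal is intended and, if not, keep "RESERVED" there for consistency. The same three lines are repeated for all eight entries, so a single typo in the version "2.18.6-1" would propagate; worth a quick check against WSA-2018-0002.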
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 01d67980 by Moritz Muehlenhoff at 2018-01-25T03:05:20+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -10,7 +10,7 @@ CVE-2018-6186 CVE-2018-6185 RESERVED CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...) - TODO: check + NOT-FOR-US: ZEIT Next.js CVE-2018-6183 RESERVED CVE-2018-6182 @@ -22,7 +22,7 @@ CVE-2018-6180 CVE-2018-117 RESERVED CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...) - TODO: check + NOT-FOR-US: FreeSSHd CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...) - linux 4.14.13-1 [jessie] - linux (Vulnerable code not present) @@ -373,9 +373,9 @@ CVE-2018-6020 CVE-2018-6019 RESERVED CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...) - TODO: check + NOT-FOR-US: Tinder CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...) - TODO: check + NOT-FOR-US: Tinder CVE-2018-6016 RESERVED CVE-2018-6015 @@ -503,15 +503,15 @@ CVE-2018-5990 CVE-2018-5989 RESERVED CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter to ...) - TODO: check + NOT-FOR-US: Flexible Poll CVE-2018-5987 RESERVED CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or s_row ...) - TODO: check + NOT-FOR-US: Easy Car Script CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for ...) - TODO: check + NOT-FOR-US: LiveCRM SaaS Cloud CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 ...) - TODO: check + NOT-FOR-US: Tumder CVE-2018-5983 RESERVED CVE-2018-5982 
@@ -521,13 +521,13 @@ CVE-2018-5981 CVE-2018-5980 RESERVED CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 ...) - TODO: check + NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the ...) - TODO: check + NOT-FOR-US: Facebook Style Php Ajax Chat Zechat CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop Management System ...) - TODO: check + NOT-FOR-US: Affiligator Affiliate Webshop Management System CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 ...) - TODO: check + NOT-FOR-US: RSVP Invitation Online CVE-2018-5975 RESERVED CVE-2018-5974 @@ -535,13 +535,13 @@ CVE-2018-5974 CVE-2018-5973 RESERVED CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...) - TODO: check + NOT-FOR-US: Classified Ads CMS Quickad CVE-2018-5971 RESERVED CVE-2018-5970 RESERVED CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...) - TODO: check + NOT-FOR-US: Photography CMS CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...) - jackson-databind (bug #888316) NOTE: https://github.com/FasterXML/jackson-databind/issues/1899 @@ -571,7 +571,7 @@ CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...) NOT-FOR-US: Zillya! Antivirus CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled ...) - TODO: check + NOT-FOR-US: GitStack CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...) NOT-FOR-US: LabF nfsAxe CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 ...) 
@@ -950,9 +950,9 @@ CVE-2018-5780 CVE-2018-5779 RESERVED CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp Gold CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp Gold CVE-2018-5775 RESERVED CVE-2018-5774 @@ -1070,7 +1070,7 @@ CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 CVE-2018-5750 RESERVED CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...) - TODO: check + NOT-FOR-US: Minecraft Servers List Lite CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method] RESERVED - libvirt 4.0.0-1 (bug #887700) @@ -1194,7 +1194,7 @@ CVE-2018-5707
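Review bot: the last hunk header, "@@ -1194,7 +1194,7 @@ CVE-2018-5707", has no body here, so whatever it changes cannot be reviewed from this message. The visible hunks only swap "TODO: check" for "NOT-FOR-US:" with product names that match the CVE descriptions; a commit subject more specific than "NFUs" would help when this many entries are reclassified in one commit.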
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] firefox DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0f8d4981 by Moritz Muehlenhoff at 2018-01-25T02:57:48+01:00 firefox DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,7 @@ +[25 Jan 2018] DSA-4096-1 firefox-esr - security update + {CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117} + [jessie] - firefox-esr 52.6.0esr-1~deb8u1 + [stretch] - firefox-esr 52.6.0esr-1~deb9u1 [24 Jan 2018] DSA-4095-1 gcab - security update {CVE-2018-5345} [stretch] - gcab 0.7-2+deb9u1 = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -18,8 +18,6 @@ chromium-browser/stable -- curl (ghedo) -- -firefox-esr (jmm) --- graphicsmagick -- imagemagick/oldstable (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f8d498188fa7e3c1321267c002f3d66ac23e665 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f8d498188fa7e3c1321267c002f3d66ac23e665 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: nvidia spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8603ec68 by Moritz Muehlenhoff at 2018-01-25T01:42:48+01:00 nvidia spu - - - - - fff0d56f by Moritz Muehlenhoff at 2018-01-25T01:43:09+01:00 qemu postponed - - - - - 8a682689 by Moritz Muehlenhoff at 2018-01-25T01:43:18+01:00 Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1272,6 +1272,8 @@ CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ... TODO: check CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...) - qemu (bug #887392) + [jessie] - qemu (Minor issue, can be fixed along in future DSA) + [wheezy] - qemu (Minor issue, can be fixed along in future DSA) [wheezy] - qemu (Minor issue, can be fixed along in next DLA) - qemu-kvm [wheezy] - qemu-kvm (Minor issue, can be fixed along in next DLA) 
@@ -17370,8 +17372,8 @@ CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to condu NOTE: affected code was introduced in the 1.x release CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...) - cacti 1.1.27+ds1-3 (bug #881110) - [stretch] - cacti (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream) - [jessie] - cacti (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream) + [stretch] - cacti (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream) + [jessie] - cacti (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream) [wheezy] - cacti (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream) NOTE: https://github.com/Cacti/cacti/issues/1057 NOTE: https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e = data/next-point-update.txt = --- a/data/next-point-update.txt +++ b/data/next-point-update.txt 
@@ -67,3 +67,9 @@ CVE-2017-14695 [stretch] - salt 2016.11.2+ds-1+deb9u1 CVE-2017-14696 [stretch] - salt 2016.11.2+ds-1+deb9u1 +CVE-2017-5753 + [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1 +CVE-2017-5754 + [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1 +CVE-2017-5715 + [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5198ff971f348bcd3607fb73fe5e863b1298123a...8a68268922de8d13c43efbe0599677d51773b46d --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5198ff971f348bcd3607fb73fe5e863b1298123a...8a68268922de8d13c43efbe0599677d51773b46d You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
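Review bot: the first hunk adds "[wheezy] - qemu (Minor issue, can be fixed along in future DSA)" to CVE-2018-5683 directly above the existing "[wheezy] - qemu (Minor issue, can be fixed along in next DLA)", so the entry ends up with two wheezy lines for the same package. Drop the added wheezy line and keep only the "[jessie]" addition. Separately, the cacti hunk at -17370 removes and re-adds the [stretch] and [jessie] lines with identical visible text, which suggests a whitespace-only change picked up by the merge; if so it would be cleaner as its own commit.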
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1256-1 for firefox-esr
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 5198ff97 by Emilio Pozuelo Monfort at 2018-01-25T00:15:46+01:00 Reserve DLA-1256-1 for firefox-esr - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[25 Jan 2018] DLA-1256-1 firefox-esr - security update + {CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117} + [wheezy] - firefox-esr 52.6.0esr-1~deb7u1 [21 Jan 2018] DLA-1255-1 bind9 - security update {CVE-2017-3145} [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u19 = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -15,8 +15,6 @@ curl (Thorsten Alteholz) exiv2 (Brian May) NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that CVE-2017-17669 applies to wheezy version -- -firefox-esr (Emilio Pozuelo) --- icu NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in Chromium project; report is not visible to the public -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5198ff971f348bcd3607fb73fe5e863b1298123a --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5198ff971f348bcd3607fb73fe5e863b1298123a You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-17485
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3c7c714 by Salvatore Bonaccorso at 2018-01-24T23:13:30+01:00 Add bug reference for CVE-2017-17485 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -12152,10 +12152,9 @@ CVE-2017-17487 CVE-2017-17486 RESERVED CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 ...) - - jackson-databind + - jackson-databind (bug #888318) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0 NOTE: https://github.com/FasterXML/jackson-databind/issues/1855 - TODO: check CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International ...) [experimental] - icu 60.2-1 - icu View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3c7c714558cc74568be565c816f21cb10968252 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3c7c714558cc74568be565c816f21cb10968252 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
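Review bot: the hunk also deletes "TODO: check" from CVE-2017-17485, which the commit subject ("Add bug reference") does not mention. If filing bug #888318 is what completes the triage, say so in the message; otherwise keep the TODO until the affected versions are confirmed.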
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-5968
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3731c056 by Salvatore Bonaccorso at 2018-01-24T23:11:49+01:00 Add bug reference for CVE-2018-5968 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -543,7 +543,7 @@ CVE-2018-5970 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...) TODO: check CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...) - - jackson-databind + - jackson-databind (bug #888316) NOTE: https://github.com/FasterXML/jackson-databind/issues/1899 NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05 CVE-2018-5967 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3731c0569255783a04df948b4ab1c2ed5ed164f6 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3731c0569255783a04df948b4ab1c2ed5ed164f6 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Move CVE-2017-17485 back to unfixed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 335db9f3 by Salvatore Bonaccorso at 2018-01-24T23:07:41+01:00 Move CVE-2017-17485 back to unfixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -12152,8 +12152,10 @@ CVE-2017-17487 CVE-2017-17486 RESERVED CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 ...) - - jackson-databind (Specific incomplete fixes for some Red Hat packages) + - jackson-databind NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0 + NOTE: https://github.com/FasterXML/jackson-databind/issues/1855 + TODO: check CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International ...) [experimental] - icu 60.2-1 - icu View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/335db9f368019cd522b4e6c72937d2dbda49f8d9 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/335db9f368019cd522b4e6c72937d2dbda49f8d9 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-5968/jackson-databind
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a172615 by Salvatore Bonaccorso at 2018-01-24T22:46:57+01:00 Add CVE-2018-5968/jackson-databind - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -543,7 +543,9 @@ CVE-2018-5970 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...) TODO: check CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...) - TODO: check + - jackson-databind + NOTE: https://github.com/FasterXML/jackson-databind/issues/1899 + NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05 CVE-2018-5967 RESERVED CVE-2018-5966 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a172615d05f4af813da1041f0a9a8e7ccd1e0ce --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a172615d05f4af813da1041f0a9a8e7ccd1e0ce You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6187/mupdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 88ce93bf by Salvatore Bonaccorso at 2018-01-24T22:45:14+01:00 Add CVE-2018-6187/mupdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3,7 +3,8 @@ CVE-2018-6189 CVE-2018-6188 RESERVED CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ...) - TODO: check + - mupdf + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908 CVE-2018-6186 RESERVED CVE-2018-6185 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88ce93bf7b6aa0aee763d89d47df387e7c7c7ed9 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88ce93bf7b6aa0aee763d89d47df387e7c7c7ed9 You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-5996, #888314
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d23dde7 by Salvatore Bonaccorso at 2018-01-24T22:41:08+01:00 Add bug reference for CVE-2018-5996, #888314 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -485,7 +485,7 @@ CVE-2018-107 [HTTP authentication leak in redirects] NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch CVE-2018-5996 [Memory Corruptions via RAR PPMd] RESERVED - - p7zip-rar + - p7zip-rar (bug #888314) NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ CVE-2018-5995 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d23dde702f5b22fbb39b1dc7a199f8ef8f89edc --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d23dde702f5b22fbb39b1dc7a199f8ef8f89edc You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Correct source package name for CVE-2018-5996, it's in the non-free p7zip-rar instead
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f27b6ab by Salvatore Bonaccorso at 2018-01-24T22:35:57+01:00 Correct source package name for CVE-2018-5996, its in the non-free p7zip-rar instead There was created only one bug #888297 for both CVEs, but those CVEs one affect p7zip (possibly, untriaged if the versions in Debian are affected) and p7zip-rar in non-free (as well only possibly affected; untriaged). - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -485,9 +485,8 @@ CVE-2018-107 [HTTP authentication leak in redirects] NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch CVE-2018-5996 [Memory Corruptions via RAR PPMd] RESERVED - - p7zip (bug #888297) + - p7zip-rar NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ - TODO: check CVE-2018-5995 RESERVED CVE-2018-5994 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f27b6ab1aa86eb6f1b63c058ccacf3e5c9a9e9e --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f27b6ab1aa86eb6f1b63c058ccacf3e5c9a9e9e You're receiving this email because of your account on salsa.debian.org. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
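Review bot: the hunk removes "TODO: check" from CVE-2018-5996 while the commit message states that p7zip-rar is "only possibly affected; untriaged". Suggest keeping the TODO on the entry until that triage is done. The change from "- p7zip (bug #888297)" to "- p7zip-rar" also leaves the entry without any bug reference, which is worth a NOTE pointing at #888297 until a separate bug exists.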
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add two CVEs for p7zip
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c299988 by Salvatore Bonaccorso at 2018-01-24T22:29:54+01:00 Add two CVEs for p7zip It is unclear if those affect p7zip, not triaged yet. In particular CVE-2018-5996 might be not-affected and the code. Cf. https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/#fn:2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -483,8 +483,11 @@ CVE-2018-107 [HTTP authentication leak in redirects] - curl 7.58.0-1 NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch -CVE-2018-5996 +CVE-2018-5996 [Memory Corruptions via RAR PPMd] RESERVED + - p7zip (bug #888297) + NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ + TODO: check CVE-2018-5995 RESERVED CVE-2018-5994 @@ -5833,8 +5836,10 @@ CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import] NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...) NOT-FOR-US: Muviko -CVE-2017-17969 +CVE-2017-17969 [ZIP Shrink: Heap Buffer Overflow] RESERVED + - p7zip (bug #888297) + NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ CVE-2018-3709 RESERVED CVE-2018-3708 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c299988069bbe81a05389971b40b3da775ffcb7
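Review bot: In the first hunk the doubt about CVE-2018-5996 is recorded only in the commit message, which points at footnote 2 of the landave.io post; the entry itself carries just the article URL and `TODO: check`. A NOTE under `- p7zip (bug #888297)` saying that p7zip may not be affected, with the `#fn:2` link, would leave that reasoning visible to whoever triages from data/CVE/list.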
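Review bot: The second hunk adds CVE-2017-17969 with `- p7zip (bug #888297)` but no `TODO: check`, although the commit message says both CVEs are untriaged and the CVE-2018-5996 entry in the first hunk does get one. Add `TODO: check` here as well so the two entries agree with the stated status.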
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5934241 by Salvatore Bonaccorso at 2018-01-24T22:20:16+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -62065,7 +62065,7 @@ CVE-2017-1771 CVE-2017-1770 RESERVED CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site request ...) - TODO: check + NOT-FOR-US: IBM Business Process Manager CVE-2017-1768 RESERVED CVE-2017-1767 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c59342417da1edfdeb6e95d8f54b1e8f303f58d1
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18075/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5cb7438b by Salvatore Bonaccorso at 2018-01-24T22:12:52+01:00 Add CVE-2017-18075/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -23,7 +23,10 @@ CVE-2018-117 CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...) TODO: check CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...) - TODO: check + - linux 4.14.13-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68 CVE-2018-118 (An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 ...) NOT-FOR-US: ovirt-engine CVE-2018-6179 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5cb7438b235a1ceab1e30dad2b8844fe2be0e838
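Review bot: The `[jessie]` and `[wheezy]` lines claim "Vulnerable code not present", but the entry cites only the fixing commit, so there is nothing in the list to check that claim against. Add a NOTE naming the upstream commit or kernel version that introduced the affected crypto/pcrypt.c code, next to the existing `NOTE: Fixed by:` line.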
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3369e6e6 by security tracker role at 2018-01-24T21:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,6 +1,30 @@ -CVE-2017-18075 +CVE-2018-6189 RESERVED -CVE-2018-118 +CVE-2018-6188 + RESERVED +CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ...) + TODO: check +CVE-2018-6186 + RESERVED +CVE-2018-6185 + RESERVED +CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...) + TODO: check +CVE-2018-6183 + RESERVED +CVE-2018-6182 + RESERVED +CVE-2018-6181 + RESERVED +CVE-2018-6180 + RESERVED +CVE-2018-117 + RESERVED +CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...) + TODO: check +CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...) + TODO: check +CVE-2018-118 (An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 ...) NOT-FOR-US: ovirt-engine CVE-2018-6179 RESERVED @@ -344,10 +368,10 @@ CVE-2018-6020 RESERVED CVE-2018-6019 RESERVED -CVE-2018-6018 - RESERVED -CVE-2018-6017 - RESERVED +CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...) + TODO: check +CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...) + TODO: check CVE-2018-6016 RESERVED CVE-2018-6015 
@@ -472,16 +496,16 @@ CVE-2018-5990 RESERVED CVE-2018-5989 RESERVED -CVE-2018-5988 - RESERVED +CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter to ...) + TODO: check CVE-2018-5987 RESERVED -CVE-2018-5986 - RESERVED -CVE-2018-5985 - RESERVED -CVE-2018-5984 - RESERVED +CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or s_row ...) + TODO: check +CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for ...) + TODO: check +CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 ...) + TODO: check CVE-2018-5983 RESERVED CVE-2018-5982 @@ -490,28 +514,28 @@ CVE-2018-5981 RESERVED CVE-2018-5980 RESERVED -CVE-2018-5979 - RESERVED -CVE-2018-5978 - RESERVED -CVE-2018-5977 - RESERVED -CVE-2018-5976 - RESERVED +CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 ...) + TODO: check +CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the ...) + TODO: check +CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop Management System ...) + TODO: check +CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 ...) + TODO: check CVE-2018-5975 RESERVED CVE-2018-5974 RESERVED CVE-2018-5973 RESERVED -CVE-2018-5972 - RESERVED +CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...) + TODO: check CVE-2018-5971 RESERVED CVE-2018-5970 RESERVED -CVE-2018-5969 - RESERVED +CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...) + TODO: check CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...) TODO: check CVE-2018-5967 
@@ -917,10 +941,10 @@ CVE-2018-5780 RESERVED CVE-2018-5779 RESERVED -CVE-2018-5778 - RESERVED -CVE-2018-5777 - RESERVED +CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...) + TODO: check +CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...) + TODO: check CVE-2018-5775 RESERVED CVE-2018-5774 @@ -1161,8 +1185,8 @@ CVE-2018-5707 RESERVED CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...) NOT-FOR-US: Octopus Deploy -CVE-2018-5705 - RESERVED +CVE-2018-5705 (Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected ...) + TODO: check CVE-2018-103 (Improper input validation bugs in DNSSEC validators components in ...) - pdns-recursor 4.1.1-1 [stretch] - pdns-recursor (Only affects 4.1) @@ -1987,6 +2011,7 @@ CVE-2018-101 [Libc Realpath Buffer Underflow] NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...) + {DSA-4095-1} - gcab 0.7-7 (bug #887776)
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DSA number for gcab update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d48ea318 by Salvatore Bonaccorso at 2018-01-24T21:14:46+01:00 Reserve DSA number for gcab update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[24 Jan 2018] DSA-4095-1 gcab - security update + {CVE-2018-5345} + [stretch] - gcab 0.7-2+deb9u1 [22 Jan 2018] DSA-4094-1 smarty3 - security update {CVE-2017-1000480} [jessie] - smarty3 3.1.21-1+deb8u1 = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -20,8 +20,6 @@ curl (ghedo) -- firefox-esr (jmm) -- -gcab (carnil) --- graphicsmagick -- imagemagick/oldstable (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d48ea318105b7dd9fb70d008fa733a7f462a01b8
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] claim 3 LTS frontdesk weeks
Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker Commits: 14dd6cfd by Antoine Beaupré at 2018-01-24T12:02:33-05:00 claim 3 LTS frontdesk weeks - - - - - 1 changed file: - org/lts-frontdesk.2018.txt Changes: = org/lts-frontdesk.2018.txt = --- a/org/lts-frontdesk.2018.txt +++ b/org/lts-frontdesk.2018.txt @@ -19,20 +19,20 @@ From 29-01 to 04-02:Ola LundqvistFrom 05-02 to 11-02:Markus Koschany From 12-02 to 18-02:Guido Günther From 19-02 to 25-02:Chris Lamb -From 26-02 to 04-03: +From 26-02 to 04-03:Antoine Beaupré From 05-03 to 11-03:Chris Lamb From 12-03 to 18-03:Thorsten Alteholz From 19-03 to 25-03:Markus Koschany From 26-03 to 01-04:Ola Lundqvist From 02-04 to 08-04:Chris Lamb -From 09-04 to 15-04: +From 09-04 to 15-04:Antoine Beaupré From 16-04 to 22-04:Markus Koschany From 23-04 to 29-04:Thorsten Alteholz From 30-04 to 06-05:Guido Günther From 07-05 to 13-05:Ola Lundqvist From 14-05 to 20-05:Chris Lamb From 21-05 to 27-05:Markus Koschany -From 28-05 to 03-06: +From 28-05 to 03-06:Antoine Beaupré From 04-06 to 10-06:Chris Lamb From 11-06 to 17-06:Thorsten Alteholz From 18-06 to 24-06:Markus Koschany View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14dd6cfd238209ef47194688a0529b684dbc56f7
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] mark packages EOL
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 1039d2b9 by Thorsten Alteholz at 2018-01-24T16:07:07+01:00 mark packages EOL - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -430,6 +430,7 @@ CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which NOT-FOR-US: Monstra CMS CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic ...) - matrixssl + [wheezy] - matrixssl (not supported in Wheezy) CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...) NOT-FOR-US: axTLS CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...) @@ -50339,6 +50340,7 @@ CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and - nvidia-graphics-drivers 384.111-1 (bug #886852) [stretch] - nvidia-graphics-drivers (Non-free not supported) [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx 340.106-1 [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx @@ -50355,6 +50357,7 @@ CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and - nvidia-graphics-drivers 384.111-1 (bug #886852) [stretch] - nvidia-graphics-drivers (Non-free not supported) [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx 340.106-1 [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx 
@@ -50462,6 +50465,7 @@ CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and - nvidia-graphics-drivers 384.111-1 (bug #886852) [stretch] - nvidia-graphics-drivers (Non-free not supported) [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx 340.106-1 [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1039d2b98eda8819c21f9ea5ed64f5b61730d8f6
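Review bot: In the three nvidia hunks (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715) the new `[wheezy]` line is added for nvidia-graphics-drivers only, while the nvidia-graphics-drivers-legacy-340xx and nvidia-graphics-drivers-legacy-304xx lines in the trailing context get no wheezy status. If either legacy source package exists in wheezy it needs the same line. The reason strings also differ from the commit subject: the subject says EOL, the nvidia lines say "Non-free not supported", and the matrixssl line in the first hunk says "not supported in Wheezy"; one consistent wording would make these entries easier to search for.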
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] claim curl
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ba29f98 by Thorsten Alteholz at 2018-01-24T15:20:25+01:00 claim curl - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -10,7 +10,7 @@ this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -curl +curl (Thorsten Alteholz) -- exiv2 (Brian May) NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that CVE-2017-17669 applies to wheezy version View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ba29f98e425c28fd20a503783e409abc15f9cad
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add curl to dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: d438f248 by Abhijith PA at 2018-01-24T19:34:10+05:30 add curl to dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -10,6 +10,8 @@ this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- +curl +-- exiv2 (Brian May) NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that CVE-2017-17669 applies to wheezy version -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d438f2480903dc5e4aa7719197b62d200e5a2991
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Two curl issues fixed in unstable with new upstream version
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cffd5bd1 by Salvatore Bonaccorso at 2018-01-24T13:45:52+01:00 Two curl issues fixed in unstable with new upstream version - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -452,7 +452,7 @@ CVE-2018-5997 RESERVED CVE-2018-107 [HTTP authentication leak in redirects] RESERVED - - curl + - curl 7.58.0-1 NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch CVE-2018-5996 @@ -1084,7 +1084,7 @@ CVE-2018-5732 RESERVED CVE-2018-105 [HTTP/2 trailer out-of-bounds read] RESERVED - - curl + - curl 7.58.0-1 [jessie] - curl (Vulnerable code introduce later) [wheezy] - curl (Vulnerable code introduce later) NOTE: https://github.com/curl/curl/pull/2231 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cffd5bd1a8f9958994488838ab300f86237aa105
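Review bot: Both hunks record 7.58.0-1 as the fixed version, but only the CVE-2018-105 entry in the second hunk has `[jessie]` and `[wheezy]` lines; the CVE-2018-107 entry in the first hunk shows no per-release status, so it is worth confirming whether the older releases are affected there and recording the result. Separately, the context lines under CVE-2018-105 read "Vulnerable code introduce later"; since this commit touches that entry, correct the wording to "introduced later".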
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-0486 as no-dsa for stretch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 70c634d8 by Salvatore Bonaccorso at 2018-01-24T13:43:58+01:00 Mark CVE-2018-0486 as no-dsa for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -14978,7 +14978,7 @@ CVE-2018-0487 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...) {DSA-4085-1 DLA-1242-1} - xmltooling 1.6.3-1 - [stretch] - xmltooling (Xerces is configured to disallow DTD use) + [stretch] - xmltooling (Xerces is configured to disallow DTD use) NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already NOTE: disallow DTD use. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/70c634d85e6abd4232b882ac7bc0c2c178b96057
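Review bot: As shown here the removed and added `[stretch] - xmltooling` lines are identical, so the change of state named in the subject is not visible in the hunk. The reason kept in parentheses, "Xerces is configured to disallow DTD use", explains why stretch would not be exposed; with the entry now marked no-dsa, and with the NOTE below saying 1.6.3 works around the bug independent of the parser setting, the reason should say why no DSA is planned for stretch, for example that the issue is minor there because DTD use is already disallowed.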
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-15718/hadoop
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 724a0139 by Salvatore Bonaccorso at 2018-01-24T12:26:45+01:00 Add CVE-2017-15718/hadoop - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -19944,6 +19944,7 @@ CVE-2017-15719 RESERVED CVE-2017-15718 RESERVED + - hadoop (bug #793644) CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...) NOT-FOR-US: Apache Sling CVE-2017-15716 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/724a0139ceee4f67296663106095d107587a5d2f
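Review bot: The CVE-2017-15718 entry gets `- hadoop (bug #793644)` but stays RESERVED with no bracketed description and no NOTE, so the list gives no indication of what the issue is or where it was disclosed. Other hand-added entries in this file carry both, for example `CVE-2018-5996 [Memory Corruptions via RAR PPMd]` with a NOTE URL. Add a short description in brackets and a NOTE linking the upstream advisory.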
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] firefox-esr fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e2f209f8 by Salvatore Bonaccorso at 2018-01-24T10:41:52+01:00 firefox-esr fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -2537,7 +2537,7 @@ CVE-2018-5118 CVE-2018-5117 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117 CVE-2018-5116 @@ -2591,19 +2591,19 @@ CVE-2018-5105 CVE-2018-5104 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104 CVE-2018-5103 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103 CVE-2018-5102 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102 CVE-2018-5101 
@@ -2617,29 +2617,29 @@ CVE-2018-5100 CVE-2018-5099 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099 CVE-2018-5098 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098 CVE-2018-5097 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097 CVE-2018-5096 RESERVED - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096 CVE-2018-5095 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 - skia (bug #818180) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095 @@ -2658,7 +2658,7 @@ CVE-2018-5092 CVE-2018-5091 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091 CVE-2018-5090 
@@ -2668,7 +2668,7 @@ CVE-2018-5090 CVE-2018-5089 RESERVED - firefox 58.0-1 - - firefox-esr + - firefox-esr 52.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089 CVE-2018-5088 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2f209f8a0e67e70e5e71646b4ffb550aae7c728
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Firefox issues fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7c8d74b by Salvatore Bonaccorso at 2018-01-24T10:39:30+01:00 Firefox issues fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -2518,7 +2518,7 @@ CVE-2018-5123 RESERVED CVE-2018-5122 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5122 CVE-2018-5121 RESERVED @@ -2528,41 +2528,41 @@ CVE-2018-5120 RESERVED CVE-2018-5119 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5119 CVE-2018-5118 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118 CVE-2018-5117 RESERVED - - firefox + - firefox 58.0-1 - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117 CVE-2018-5116 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5116 CVE-2018-5115 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5115 CVE-2018-5114 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5114 CVE-2018-5113 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5113 CVE-2018-5112 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112 CVE-2018-5111 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5111 CVE-2018-5110 RESERVED 
@@ -2570,65 +2570,65 @@ CVE-2018-5110 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5110 CVE-2018-5109 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109 CVE-2018-5108 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5108 CVE-2018-5107 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107 CVE-2018-5106 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106 CVE-2018-5105 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105 CVE-2018-5104 RESERVED - - firefox + - firefox 58.0-1 - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104 CVE-2018-5103 RESERVED - - firefox + - firefox 58.0-1 - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103 CVE-2018-5102 RESERVED - - firefox + - firefox 58.0-1 - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102 CVE-2018-5101 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5101 CVE-2018-5100 RESERVED - - firefox + - firefox 58.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100 CVE-2018-5099 RESERVED - - firefox + - firefox 58.0-1 - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099 NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099 CVE-2018-5098 RESERVED - - firefox + - firefox 58.0-1 - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098 NOTE:
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] dla: claim firefox-esr
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d9880cb by Emilio Pozuelo Monfort at 2018-01-24T10:34:19+01:00 dla: claim firefox-esr - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -13,6 +13,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues exiv2 (Brian May) NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that CVE-2017-17669 applies to wheezy version -- +firefox-esr (Emilio Pozuelo) +-- icu NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in Chromium project; report is not visible to the public -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d9880cbc2f39f6f101a8abe640500efef080c25
[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f2ceaa93 by security tracker role at 2018-01-24T09:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,5 @@ +CVE-2017-18075 + RESERVED CVE-2018-118 NOT-FOR-US: ovirt-engine CVE-2018-6179 @@ -19983,8 +19985,7 @@ CVE-2017-15699 TODO: check, this is possibly specific to AMQ Interconnect as used by Red Hat JBoss, although based on Apache Qpid project CVE-2017-15698 RESERVED -CVE-2017-15697 - RESERVED +CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ...) NOT-FOR-US: Apache NiFi CVE-2017-15696 RESERVED @@ -29359,8 +29360,7 @@ CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and NOT-FOR-US: Apache Camel CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and ...) NOT-FOR-US: Apache Camel -CVE-2017-12632 - RESERVED +CVE-2017-12632 (A malicious host header in an incoming HTTP request could cause NiFi ...) NOT-FOR-US: Apache NiFi CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...) NOT-FOR-US: Apache CXF View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2ceaa93d2c5f0ef18abb948b2a8033582a8fbc4